apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: selfsigned-issuer
  namespace: hostpath-provisioner
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  namespace: hostpath-provisioner
  name: hostpath-provisioner-operator-webhook-service-cert
  labels:
    name: hostpath-provisioner-operator
spec:
  secretName: hostpath-provisioner-operator-webhook-service-cert
  dnsNames:
  - hostpath-provisioner-operator-webhook-service.hostpath-provisioner.svc
  issuerRef:
    name: selfsigned-issuer
---
apiVersion: v1
kind: Service
metadata:
  name: hostpath-provisioner-operator-webhook-service
  namespace: hostpath-provisioner
spec:
  ports:
    - port: 443
      protocol: TCP
      targetPort: 9443
  selector:
    name: hostpath-provisioner-operator
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: hostpathprovisioner.kubevirt.io
  annotations:
    cert-manager.io/inject-ca-from: hostpath-provisioner/hostpath-provisioner-operator-webhook-service-cert
  labels:
    name: hostpath-provisioner-operator
webhooks:
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: hostpath-provisioner-operator-webhook-service
      namespace: hostpath-provisioner
      path: /validate-hostpathprovisioner-kubevirt-io-v1beta1-hostpathprovisioner
      port: 443
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: validate-hostpath-provisioner.kubevirt.io
  objectSelector: {}
  rules:
  - apiGroups:
    - hostpathprovisioner.kubevirt.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - DELETE
    - UPDATE
    resources:
    - "*/*"
    scope: '*'
  sideEffects: None
  timeoutSeconds: 30

